Re: Cross-site scripting

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Mon, 30 Oct 2000 20:16:26 +0100

Robert Collins wrote:

> Why the extra snprintf? Is "#&%03d;", (int)char) not safe?

It is, except that many consider sprintf totally unsafe and not suitable
for any use. I am one of them.

I selected the current design as a middle ground between secure coding
style, code readability and efficiency. It is not perfect in any of the
areas, but I think good enough in all.

> I thought it was things like xprintf(mychar*) that were problems.

Any unbounded operation is a problem. A sprintf with an integer format
string where the value is typecast via char is bounded, but automated
auditing tools have a hard time realising that this call is different
from one where the integer starts out as an integer.

%03d is "at least three positions", and expands as needed to fit the
integer. So the upper bound of the format string is fairly higher than
your reserved space.

Anyway, the note about MemBuf applies to all of this. When using a
MemBuf one does not have to care about the size of the output buffer,
the MemBuf does that automatically for you. By using a MemBuf the code
can get both more securely designed and less complicated.

/Henrik
Received on Mon Oct 30 2000 - 13:14:30 MST
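The expansion Henrik describes, as an added C example that is not code from this thread or from Squid: `entity_fmt_len` shows how "&#%03d;" outgrows a fixed reservation once the int is negative or large, `escape_byte` formats the entity with no printf at all, and `escape_string` uses a hypothetical growable buffer standing in for Squid's MemBuf (its name and API are assumptions, not Squid's).

```c
/* Added example, not code from the thread or from Squid: bounded numeric-entity
 * escaping without sprintf, and a check of how far "&#%03d;" can really expand. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Characters snprintf emits for "&#%03d;" with value v (NUL excluded). The "03"
 * is only a minimum width: negative or >999 values push past 6 characters. */
size_t entity_fmt_len(int v)
{
    return (size_t)snprintf(NULL, 0, "&#%03d;", v);
}

/* Write "&#NNN;" for one byte into out (capacity cap) with no printf at all.
 * Unsigned input pins the output at exactly 6 chars; returns 0 if cap < 7. */
size_t escape_byte(unsigned char c, char *out, size_t cap)
{
    if (cap < 7)                       /* "&#" + 3 digits + ";" + NUL */
        return 0;
    out[0] = '&'; out[1] = '#';
    out[2] = (char)('0' + c / 100);
    out[3] = (char)('0' + (c / 10) % 10);
    out[4] = (char)('0' + c % 10);
    out[5] = ';'; out[6] = '\0';
    return 6;
}

/* Hypothetical growable buffer standing in for Squid's MemBuf (not its API):
 * copies alphanumerics/spaces, escapes all else, grows before each write. */
char *escape_string(const char *s)
{
    size_t cap = 64, used = 0;
    char *buf = malloc(cap);
    if (!buf) return NULL;
    for (; *s; s++) {
        unsigned char c = (unsigned char)*s;
        if (used + 7 > cap) {          /* worst case for one input byte */
            char *nb = realloc(buf, cap * 2);
            if (!nb) { free(buf); return NULL; }
            buf = nb; cap *= 2;
        }
        if (isalnum(c) || c == ' ')
            buf[used++] = (char)c;
        else
            used += escape_byte(c, buf + used, cap - used);
    }
    buf[used] = '\0';                  /* used + 1 <= cap is guaranteed above */
    return buf;
}
```

The caller frees the string returned by `escape_string`.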

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:12:53 MST